New Directions for High-throughput and High-security Communication
Adrian Perrig, ETH Zürich, Switzerland
Practical and Provably Sound Static Analysis of Ethereum Smart Contracts
Matteo Maffei, TU Wien, Austria
Accessible Cyber Security: the next Frontier?
Karen Renaud, University of Strathclyde, United Kingdom
New Directions for High-throughput and High-security Communication
Adrian Perrig
ETH Zürich
Switzerland
Brief Bio
Adrian Perrig is a Professor at the Department of Computer Science at ETH Zürich, Switzerland, where he leads the network security group. He is also a Distinguished Fellow at CyLab, and an Adjunct Professor of Electrical and Computer Engineering at Carnegie Mellon University.
From 2002 to 2012, he was a Professor of Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science (courtesy) at Carnegie Mellon University, becoming Full Professor in 2009. From 2007 to 2012, he served as the technical director for Carnegie Mellon's Cybersecurity Laboratory (CyLab). He earned his MS and PhD degrees in Computer Science from Carnegie Mellon University, and spent three years during his PhD at the University of California at Berkeley. He received his BSc degree in Computer Engineering from EPFL. Adrian's research revolves around building secure systems – in particular his group is working on the SCION secure Internet architecture.
He is a recipient of the NSF CAREER award in 2004, IBM faculty fellowships in 2004 and 2005, the Sloan research fellowship in 2006, the Security 7 award in the category of education by the Information Security Magazine in 2009, the Benjamin Richard Teare teaching award in 2011, and the ACM SIGSAC Outstanding Innovation Award in 2013. He is an IEEE senior member and became an ACM Fellow in 2017.
Abstract
Recent research in future Internet architectures has opened up several new opportunities that provide not only high security for communication, but also higher performance than traditional Internet approaches. In particular, new global symmetric key derivation systems can enable high-speed packet authentication at routers and firewalls in less than 100 ns on commodity hardware. The Path Aware Networking (PAN) concept empowers end hosts to obtain information about end-to-end network paths and to select the optimal path for each packet, enabling multi-path communication, which can further speed up communication. We will discuss these and other directions for moving toward a highly secure and efficient next-generation academic research network.
Practical and Provably Sound Static Analysis of Ethereum Smart Contracts
Matteo Maffei
TU Wien
Austria
Brief Bio
Matteo Maffei is a professor at TU Wien and head of the Security and Privacy group. He graduated from the Ca’ Foscari University of Venice in 2006 and later moved to Saarland University, where he served as research group leader and associate professor. His research interests focus on formal methods for security and privacy, web security, applied cryptography, and blockchain technologies. In 2018 he received an ERC Consolidator Grant and in 2009 a DFG Emmy Noether fellowship.
Abstract
Ethereum has emerged as the most popular smart contract development platform, with hundreds of thousands of contracts stored on the blockchain and covering a variety of application scenarios, such as auctions, trading platforms, and so on. Given their financial nature, security vulnerabilities may lead to catastrophic consequences and, even worse, they can hardly be fixed, since data stored on the blockchain, including the smart contract code itself, are immutable. An automated security analysis of these contracts is thus of utmost interest, but at the same time technically challenging for a variety of reasons, such as the specific transaction-oriented programming mechanisms, which feature a subtle semantics, and the fact that the blockchain data with which the contract under analysis interacts, including the code of callers and callees, are not statically known.
In this talk, I will present eThor, the first sound and automated static analyzer for EVM bytecode, which is built on a Horn-clause abstraction of the EVM bytecode semantics. In particular, our static analysis supports reachability properties, which we show to be sufficient for capturing interesting security properties of smart contracts (e.g., single-entrancy) as well as contract-specific functional properties. Our analysis is proven sound against a complete semantics of EVM bytecode, and an experimental large-scale evaluation on real-world contracts demonstrates that eThor is practical and outperforms state-of-the-art static analyzers.
Accessible Cyber Security: the next Frontier?
Karen Renaud
University of Strathclyde
United Kingdom
Brief Bio
Karen Renaud is Professor of Cyber Security at Abertay University in Dundee, Scotland. She was educated at the Universities of Pretoria, South Africa and Glasgow. Her research has been funded by the Association of Commonwealth Universities, the Royal Society, the Royal Academy of Engineers and the Fulbright Commission. She is particularly interested in deploying behavioural science techniques to improve security behaviours, and in encouraging end-user privacy-preserving behaviours. Her research approach is multi-disciplinary, essentially learning from other, more established fields and harnessing methods and techniques from other disciplines to understand and influence cyber security behaviours. Karen is associate editor for Transactions on Computer Forensics and Security, Information Technology and People, the International Journal of Human Computer Studies and the Journal of Intellectual Capital.
Abstract
Cyber Security is challenging: if one looks at how successful cyber criminals have been over the last few years, there is plenty of evidence that many people struggle to secure their systems. Many people consider this to be a consequence of a lack of knowledge and awareness. While not disputing that this is an issue, I will focus on accessibility: essentially, how well we, as an industry, accommodate those who are not able to follow advice and guidelines. I will also talk about the accessibility of security from the end-user perspective. In essence, how accessible are the security measures we expect users to take, and impose on them?